phpGroupWare Multiple Vulnerabilities

Published: 2010-05-17 10:46:01
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Recommendations:
The vendor has released phpGroupWare 0.9.16.016 to address these issues. Please see the references for more information.

Summary:
phpGroupWare is prone to multiple SQL-injection vulnerabilities and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data before using it.

Impact:
Exploiting these issues could allow an attacker to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or view files and execute local scripts in the context of the webserver process.

Affected Versions:
Versions of phpGroupWare prior to 0.9.16.016 are vulnerable.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database):

https://nvd.nist.gov/vuln/detail/CVE-2010-0403
https://nvd.nist.gov/vuln/detail/CVE-2010-0404

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/40167
https://www.securityfocus.com/bid/40168

References:

http://www.securityfocus.com/bid/40168
http://www.securityfocus.com/bid/40167
http://www.phpgroupware.org/

Severity:
High

CVSS Score:
7.5